Cisco Support Community
New Member

1841 VPN IPSec Tunnel Question

Hi -

I am turning up a remote office this weekend and had a couple of questions about my VPN setup. This setup is using the 1841 IS router, and there is no external FW for our NAT operation.

We will be connecting to the internet using 2 separate T1s. In my early stages of design, I was going to use multilink PPP, but receiving the provisioning info today, I noticed that they were giving me 2 separate networks for each T1. I then would use IP CEF and static routes to utilize the full 3M of BW on my WAN side. This being the case, my VPN tunnel source was originally going to be that of my multilink interface, but now that I don't have that common multilink interface to source, in order to make sure my tunnel uses both Ts, I assume I need to ensure that my tunnel source is going to be that of my fa 0/0.

This is also a split-tunnel scenario, so we are only going to NAT the traffic destined outside our private range.

My questions there are:

1) In terms of RADIUS authentication for router access, how do I ensure that the RADIUS info is traversing the tunnel to get back to our internal server at the flagship office? Vice versa to that, if I want to SSH into the router, can I use that of the loopback or does it have to be the Fa0/0 address since the tunnel endpoint is there?

2) Since I don't have an external firewall at this location handling our NAT, will this design work if I configured the FA interface for 192.168.x.x, made sure there was a static NAT entry for that IP, and used that public IP address as the peer IP on my concentrator at the head end?

If anyone has any suggestions or tips for me, I would appreciate all feedback. Thank you all in advance.

1 REPLY
Silver

Re: 1841 VPN IPSec Tunnel Question

For SSH, console could be a better option.
